CVE-2018-20622: Medium severity IBM Rational DOORS Next Generation vulnerability
JasPer 2.0.14 has a memory leak in base/jasmalloc.c in libjasper.a when "--output-format jp2" is used.
Other sources
JasPer could allow a remote attacker to obtain sensitive information, caused by a memory leak in base/jasmalloc.c in libjasper.a when "--output-format jp2" is used. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information.
— IBM
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-20622.
What is the severity of CVE-2018-20622?
The severity of CVE-2018-20622 is medium, with a severity value of 6.5.
How does CVE-2018-20622 impact JasPer?
CVE-2018-20622 in JasPer could allow a remote attacker to obtain sensitive information, caused by a memory leak when "--output-format jp2" is used.
Which software versions are affected by CVE-2018-20622?
JasPer 2.0.14, Debian Linux 8.0, IBM RDNG up to version 6.0.6.1, and IBM DOORS Next up to version 7.0 are affected by CVE-2018-20622.
How can I fix the vulnerability in JasPer?
To fix the vulnerability, update JasPer to a patched version.